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Description 

BACKGROUND OF THE INVENTION 

Field of the Invention 

The present invention relates to a system 
which carries out data processing by means of a 
pocket-size hermetically sealed electronic device 
that has an electronic device sealed in its inside, 
and more particularly to a pocket-size hermetically 
sealed electronic device which can be adapted for 
a wide variety of services with a single unit of the 
device. 

Description of the Prior Art 

In recent years, development has been under 
way for systems such as home banking system, 
farm banking system, and home shopping system 
that can make use of the communication systems 
to the most advantageous degree. Along with it, 
development of the so-called IC card has also been 
advanced. 

An IC card is a pocket-size hermetically sealed 
electronic device which has an electronic device 
with data processing capability sealed inside of the 
card in such a way as to make it impossible to 
read out those data that require privacy protection. 
The IC card is being utilized in the above systems 
for such purposes as security assurance and mem- 
ory of necessary information of the data on the 
network, and its application to a wide variety of 
uses is being anticipated. Further, it is conceivable 
to use it in the field of financial services for storage 
of financial transaction information and 
encryption/descryption. further, its use as a key to 
scrambling and for storage of viewing/listening in- 
formation for the pay television has been proposed 
by CM Honeywell Bull, Inc. 

Moreover, it may be possible to be applied to 
the medical field for storage of medical information 
for the patients. As described in the above, the IC 
card is anticipated to be utilitzed in the future for ail 
sorts of services that require data storage and data 
processing. 

IC cards and appropriate system for the cards 
of the above discussed type have been broadly 
known, for example, as disclosed in DE-A- 
2,738,113 and IEEE Spectrum 21 (1984), no. 2, 
pages 43-49. The former patent publication de- 
scribes a system allowing authorized users of por- 
table intelligent cards (IC cards) to effect transac- 
tion via a transaction terminal. The IC card com- 
prises at least first and second memory sections, a 
connection section and a control section. Com- 
mand data are supplied to the connection section 
of the IC card from external equipment provided for 



receiving response signals for the functions ex- 
ecuted. The latter article describes a plurality of 
possibilities of how to use IC cards as a transaction 
medium. The cards include microprocessors, read 

5 only memories, PROMs as well as random access 
memories. PROMS are divided into three sections. 
Namely, a first section inaccessible from outside of 
the cards, a second section accessible for writing 
or reading on the conditions determined by the 

io internal programming of the cards and a third sec- 
tion opened to access without any tests. 

There have been a variety of applications of IC 
cards as above. The functions and the kinds of 
data treated by the IC cards depend upon the 

75 application. Ideally, an IC card is designed in ac- 
cordance with the application thereof. If each IC 
card is developed independently, the price of these 
IC cards is increased. On the other hand, it has 
been proposed to design IC cards for general pur- 

20 poses. An IC card of this proposal is endowed with 
basic functions to which a terminal unit gives 
instructions. A variety of desired applications of the 
IC cards can be made possible by combining suit- 
able instructions to exploit basic functions of the IC 

25 card. For example, in the above cited IEEE article, 
the programmable microprocessors select a plural- 
ity of programs to be executed, and are adaptable 
to many different applications. 

However, in this conventional system, a great 

30 number of commands and responses have to be 
exchanged between a terminal unit and an IC card 
in order to carry out a transaction. The amount of 
exchange of data could be decreased by defining 
commands which are suitable for the application, 

35 which scheme, however, is inconsistent with the 
concept of the general-purpose card. 

Summary of the Invention 



40 An object of the present invention is to provide 
an improved system for an IC card reader/writer 
which reduces the amount of commands/data 
which must be transmitted between the terminal 
unit and the IC card. The object of the invention is 

45 solved by a system which carries out data process- 
ing including: 

a pocket-size electronic device, comprising: 

(a) a first memory for storing programs to ac- 
complish a plurality of kinds of basic data pro- 
se cessing, 

(b) a second memory for storing various kinds of 
data used for the basic data processing, 

(c) a connection section for supplying com- 
mands including at least function codes for se- 

55 lecting the programs for the plurality of kinds of 
basic data processing stored in the first mem- 
ory, 

(d) control means for selecting the program in 
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accordance with the command from the connec- 
tion section to execute the basic data process- 
ing in accordance with the program selected, 
and for outputting a result of the executed basic 
data processing as an output signal through said 
connection section when the basic data process- 
ing is completed; 

(e) a terminal including a memory and a CPU 
(16a) for receiving a user command and to sup- 
ply a macro instruction in accordance with the 
user command; and 

(f) an IC card reader/writer for receiving the 
macro instruction from the terminal and to sup- 
ply a command with a function code to the 
connection section, 

characterised by said IC card reader/writer 
being constructed for supplying another com- 
mand with a function code to the connection 
section without another macro instruction from 
■ the terminal in accordance with the output signal 
from the connection section. 
These and other objects, features and advan- 
tages of the present invention will be more appar- 
ent from the following description of the preferred 
embodiments, taken in conjunction with the accom- 
panying drawings. 

Brief Description of the Drawings 

Figure 1 is a block diagram for illustrating the 
function of an IC card embodying the present 
invention; 

Fig. 2 is a block diagram which shows the 
concrete construction of the IC card shown in 
Fig. 1; 

Fig. 3 is a perspective view of the IC card 
shown in Figs. 1 and 2; 

Fig. 4 is a perspective view of a data processing 
system which uses the IC card shown in Figs. 1 
to 3; 

Fig. 5 is a compositional block diagram for the 
system shown in Fig. 4; 

Fig. 6 is a compositional block diagram for the 

card reader/writer in Fig. 5; 

Fig. 7 is a flow chart for illustrating the operation 

of the terminal of the system shown in Fig.4; 

Fig. 8 is a flow chart for illustrating the operation 

of the card reader/writer of the system shown in 

Fig.4; 

Fig.9 illustrates simplified diagrams that show 
the data format for the data to be sent from the 
card reader/writer to the IC card shown in Fig.4; 
Fig. 10 is a flow chart for illustrating the opera- 
tion of the IC card of the system shown in Fig.4; 
Fig. 11 is a flow chart for illustrating the se- 
quence when the system shown in Fig, 4 is ap- 
plied to the credit card system; and 
Fig 12 is a flow chart for illustrating the se- 



quence when the system shown in Fig.4 is ap- 
plied to the transfer system through bank. 

DESCRIPTION OF THE PREFERRED EMBODI- 
5 MENTS 

Referring to Figs.4 and 5, there is shown an IC 
card system 10 embodying the present invention in 
which the system 10 is constructed so as to have 

w an IC card 12 connectable to a terminal 16 via a 
card reader/writer 14, and a keyboard 18, a CRT 
display 20, a printer 22, and a floppy disk 24 
connected to the terminal 1 6. 

The IC card 12 which is kept by the user is for 

75 carrying out such operations as the referencing of 
the key data that is known to the user alone and 
the storing of necessary data in, for instance, pur- 
chasing a merchandise. As the diagram for its 
functions shown in Fig.1 indicates, the card 12 is 

20 composed of the parts for executing basic func- 
tions, such as an R/W section 26, an 
encryption/decryption section 28, and a password 
setting/password collation section 30, and a su- 
pervisor 32 which supervises these basic functions. 

25 The R/W section 26 has a function for reading the 
data from the data memory in the IC card 12 or for 
writing a data in the data memory. The 
encryption/decryption section 28 is for carrying out 
the encryption for the data to be communicated in 

30 order to prevent leakage or falsification in such a 
case as transmitting a data from the terminal 16 to 
another terminal, or for carrying out the decryption 
of the encrypted data. The data processing there, 
is carried out in accordance with an encryption 

35 algorithm which has a sufficiently high encryption 
capability such as the data encryption standard 
(DES). The password setting/password collation 
section 30 is the section for memorizing the pass- 
number (key data) set up by the user, and gives a 

40 permission for the subsequent processing by carry- 
ing out the collation of the key data that is input 
after setting of the password. Further, the supervi- 
sor 32 interprets the function code or the function 
code supplemented by a code that is sent from the 

45 card reader/writer, and causes the selection and 
execution of the required functions from among the 
basic functions. 

In order to accomplish these functions, the IC 
card is composed of, as shown by Fig.2, a CPU 34, 

so a program memory 36, a data memory 38, an I/O 
interface 40, and a contact section 42. The pro- 
gram memory 36 which consists of a mask ROM is 
for memorizing the programs of the CPU 34 that 
are equipped with subroutines in order to realize 

55 the various basic functions. The data memory 38 
comprises a PROM and is divided into a plurality 
of zones Ai , A2, .... An with various kinds of access 
conditions assigned to separate zones, such as a 
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zone from which read alone of the data is possible 
using an external equipment, a zone for which write 
alone is possible, a zone for which both of read 
and write are possible, a zone for which both of 
read and write are not possible, and a zone for 
which read and write are possible only after collat- 
ing of the password is completed. These circuits 
are integrated in the form of an LSI 41 which is 
sealed hermetically in the card 12. It is arranged to 
be connectable to an external equipment only 
through the contact section 42. The contact section 
42 has a total of eight terminals 46 such as those 
for power source, for inputting clock signals, for 
reset, and for inputting and outputting of data. 

The card reader/writer 14 transfer function 
code data between the IC card 1 2 and the terminal 
16. It possesses a function to decompose a macro 
instruction received from the terminal 16 into com- 
mands for IC card, and supplies the commands to 
the IC card 12 in succession. More specifically, the 
card reader/writer 14 includes, as shown by Figs. 5 
and 6, a transportation mechanism 48 which trans- 
ports the IC card 12 that is inserted to the card 
insertion port 14a to a prescribed position, an IC 
card contact section 50 which makes an electrical 
contact with the contact section 42 of the IC card 
12 that is set at the prescribed position, a control 
circuit 52 which controls the device as a whole, and 
an I/O interface 54 which transfers function code or 
data between the terminal 16. 

The terminal 16 is composed of a CPU 16a 
and a memory 16b as shown in Fig. 5, and in 
response to the user's demand which is input via 
the keyboard 18 determines selection and com- 
bination of function codes to be given to the card 
reader/writer 14 by reading the required data pro- 
cessing programs that are memorized in the mem- 
ory 16b or the floppy disk unit 24. The user re- 
ceives the message from the terminal 16 via the 
CRT display 20 or the printer 22. 

Next, the operation of the system in accor- 
dance with the embodiment constructed as in the 
above will be described. 

As shown by Fig. 7, in a stationary state as 
represented by step 100 the terminal 16 is in the 
state which is waiting for a command from the 
user. As a command from the user is input, the 
terminal 16 analyzes the command (step 102) and 
determines the selection of necessary functions 
and their sequence (step 104). When the sequence 
is determined the terminal 16 outputs necessary 
command (function code) to the card reader/writer 
14 (step 106). Then, the terminal 16 will remain in 
the state of waiting until it receives from the card 
reader/writer 14 a response that indicates the com- 
pletion of the processing required by the command 
(step 108). Upon receipt of a response, it judges 
whether it is a final response. If it is not a final 



response, it sends out again a command to the 
card reader/writer 14 in accordance with the se- 
quence, and if it is a final response, it returns to the 
state of waiting for a command from the user (step 
5 110). 

In step 120, when the card reader/writer 14 is 
in a stationary state, it is in the state of waiting for 
a command from the terminal as shown by Fig. 8. 
When a command is input, it judges whether the IC 

70 card is in execution (step 122), and if it is found to 
be executing, it goes back again to the state of 
waiting for a command after outputting a response 
which indicates that it is a multiple command error 
to the terminal 16 (step 124). If the IC card is found 

75 to be not in execution, it judges the command from 
the terminal 16 to determine a set of command 
sequence to be given to the IC card 12 (step 126). 
Following that, it outputs the first command to the 
IC card 12 (step 128). Then, it goes to the state of 

20 waiting for a response from the IC card 12 (step 
130). When a response from the IC card 12 is 
received, it judges whether there still remains some 
commands to be given to the IC card (step 132), 
and if it is found that there are some, it returns to 

25 step 128 to repeat outputting of the command. 
Otherwise, it outputs a response to the terminal 16 
(step 134). 

The command to be output from the card 
reader/writer 14 to the IC card 12 has the format 
30 with prescribed bit length as indicated in Fig. 9, 
with a form which contains a function code alone 
as shown by Fig. 9a or a form which contains a 
function code augmented by a data as shown by 
Fig. 9b. 

35 In its stationary state, the IC card 12 is in the 

state of waiting for a command from the card 
reader/writer 14 as shown by Fig. 10 (step 140). 
When a command is input, it executes the basic 
functions in accordance with the command (142) 

40 and outputs the response to the card reader/writer 
14 (step 144). Then, it goes back to its original 
state of waiting. 

The response in this case is supplemented by 
the command that was input originally, to provide 

45 for a protective measure for the case where the 
sequence between the card reader/writer 14 is dis- 
turbed. 

It should be noted as shown in the above 
embodiment that it is convenient to render the 

so command system to be successively more macro 
as one goes upstream along IC card 12 -* card 
reader/writer 14 terminal 16. With such an ar- 
rangement the preparation of application programs 
in the upstream will become very easy. 

55 Next, a concrete examples of operation of the 
system will be described. 

Figure 11 shows an example of credit card 
system. It is assumed here that the sequence for 
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the credit card system for the terminal 16 has 
already been determined. The user first inserts his 
IC card 12 into the card reader/writer 14. The card 
reader/writer 14 outputs a signal that informs that 
an IC card 12 is inserted, to the terminal 16. Based 
on this, the terminal 16 urges the user to input his 
passnumber. When the user inputs the passnum- 
ber the terminal 16 outputs the passnumber and 
the password collation instruction to the card 
reader/writer 14. The card reader/writer 14 outputs 
the passnumber and the password collation instruc- 
tion to the IC card 12. The IC card 12 executes the 
password setting/password collation function to 
compare and refer the input passnumber with the 
passnumber memorized in its inside. When the 
result of the collation is affirmative, the IC card 12 
outputs the response to the card reader/writer 14. 
The card reader/writer gives a permission to input, 
to the terminal 16. Based on this, the terminal 
urges the user to input the sum of purchase of 
merchandises. When the user inputs the sum of 
the purchase, the terminal 16 requests a list of past 
purchases from the card reader/writer 14. This re- 
quest command is given in the form of a macro 
instruction, and the card reader/writer 14 outputs a 
read command to the IC card based on it. In 
response to this command the IC card 12 executes 
the R/W function to output the data on the previous 
purchases that is memorized in its inside. The read 
command will remain in effect until the final re- 
sponse is received from the IC card 12, and the 
purchase list read during that time is held in the 
card reader/writer 14. In this case, in order to avoid 
inputting of a plurality of commands in the inside of 
the IC card 12, care is to be taken that a next 
command is output after a response is returned. 
When the final response from the IC card 12 is 
received, the card reader/writer 14 outputs the en- 
tirety of the purchase list to the terminal 16. The 
terminal 16 computes the balance to be applicable 
to the purchase for the IC card from the list, and 
outputs a write command for purchase sum to the 
card reader/writer 14 only when the purchase sum 
is less than the balance. This command, too, is 
given as a macro instruction, and the card 
reader/writer 14 outputs repeatedly the write com- 
mand of data, to the IC card 12. The reason for 
repeating the writing of data is that a single write is 
not sufficient to write the entirety of the data. The 
IC card 12 executes the R/W function in accor- 
dance with the command, and makes entry of the 
new purchase sum in the purchase list of merchan- 
dises. When the card reader/writer 14 received the 
final response, the completion of inputting is in- 
formed to the terminal 16. The terminal 16 displays 
the balance on the CRT display 20, and outputs a 
message that indicates the end of the processing, 
completing the purchase of a merchandise by 



means of the credit card system. 

Next, an example of application of the IC card 
to the transfer system through bank will be de- 
scribed by referring to Fig. 12. 

s It will be assumed that the terminal 16 has 

already determined the sequence for the transfer 
system through bank. Form insertion of the credit 
card 12, through password collation, and up to 
input permission by the card reader/writer 14 are 

w carried out based on the procedure similar to the 
credit card system described in the above. Then, 
the terminal 16 urges the user to input necessary 
transfer data such as the bank account number of 
the payee, the bank account number of the payer, 

75 and the sum of transfer. When the user inputs the 
transfer data, the terminal 16 outputs an instruction 
for encrypting the transfer data to the card 
reader/writer 14. This instruction is given in the 
form of a macro instruction, and based on this, the 

20 card reader/writer 14 outputs to the IC card 12 an 
encrypted command supplemented by the transfer 
data. The IC card 12 executes the 
encryption/decryption function, and outputs an en- 
crypted data to the card reader/writer 14. The card 

25 reader/writer 14 stores the encrypted data in its 
inside until completion of the encryption of the 
transfer data. After the encryption of the transfer 
data, the card reader/writer 14 outputs the encryp- 
ted data to the terminal 16 upon receipt of the final 

30 encrypted data. The terminal 16 transmits the en- 
crypted data to the terminal for the other party 
(bank) via a circuit. In response to this, the terminal 
of the other party transmits a signal which acknowl- 
edges the receipt of the data, where the signal 

35 transmitted is an encrypted data too. When this 
data is received the terminal 16 outputs a decryp- 
tion instruction along with the received data to the 
card reader/writer 14. This instruction is also a 
macro instruction so that the card reader/writer 14 

40 outputs continuously the decryption instruction, to 
the IC card 12. Based on the instruction the IC card 
12 executes the encryption/decryption function in 
its inside, and outputs the decrypted data obtained 
to the card reader/writer 14. Upon receipt of the 

45 final decrypted data, the card reader/writer 14 out- 
puts the entirety of the decrypted data to the 
terminal 16, Then, in order to keep a documentary 
evidence in the inside of the IC card 12, the 
terminal 16 outputs the transfer data and the re- 

50 ceived data along with a write command, to the 
card reader/writer 14. The command is also a 
macro command, and the card reader/writer 14 
outputs continuously the write command to the IC 
card 12. The IC card 12 executes the R/W function 

55 in its inside and stores the above data in its inside. 
Upon receipt of the final response from the IC card 
12, the card reader/writer 14 outputs a signal that 
indicates the completion of inputting to the terminal 
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16. The terminal 16 outputs the message that in- 
dicates the completion of transfer on the CRT 
display 20. With this, the transfer operation by 
means of the transfer system through bank is com- 
pleted. 

In this manner, according to the present em- 
bodiment the software that determines the function 
selection and the processing sequence in the in- 
side of the IC card 12, through the operation on the 
terminal 16, can be constructed at will by the 
provider of the service so that it is possible to meet 
a wide variety of data processing requirements. 
This becomes possible due to the circumstance 
that a plurality of basic functions are given to the 
IC card 12 and that an arrangement is made to 
permit a selective execution of these basic func- 
tions. These basic functions are not limited to those 
described in the foregoing so that the utility of the 
present invention can be increased greatly by ar- 
ranging the functions to be applicable to all sorts of 
services and be of general use and basic char- 
acter. 

It is to be noted that although the IC card is 
described in conjunction with the pocket-size her- 
metically sealed electronic device, the present in- 
vention is not limited to a card-like structure and 
may be applied to structures of block-like or pencil- 
like. 

Claims 

1. A system which carries out data processing, 
including: 

a pocket-size electronic device (12), com- 
prising: 

(a) a first memory (36) for storing programs 
to accomplish a plurality of kinds of basic 
data processing, 

(b) a second memory (38) for storing var- 
ious kinds of data used for the basic data 
processing, 

(c) a connection section (42) for supplying 
commands including at least function codes 
for selecting the programs for the plurality 
of kinds of basic data processing stored in 
the first memory, 

(d) control means (34) for selecting the pro- 
gram in accordance with the command from 
the connection section to execute the basic 
data processing in accordance with the pro- 
gram selected, and for outputting a result of 
the executed basic data processing as an 
output signal through said connection sec- 
tion when the basic data processing is com- 
pleted; 

(e) a terminal (16) including a memory (16b) 
and a CPU (16a) for receiving a user com- 
mand and to supply a macro instruction in 



accordance with the user command; and 
(f) an IC card reader/writer (14) for receiving 
the macro instruction from the terminal (16) 
and to supply a command with a function 

5 code to the connection section, 

characterised by said IC card 
reader/writer (14) being constructed for sup- 
plying another command with a function 
code to the connection section without an- 

w other macro instruction from the terminal 

(16) in accordance with the output signal 
from the connection section. 

2. The data processing system as claimed in 
75 claim 1 , wherein another command from the IC 

card reader/writer (14) to the connection sec- 
tion (42) is predetermined by the ouput signal 
from the connection section (42). 

20 3. The data processing system as claimed in 
claim 1 , wherein the plurality of kinds of basic 
data processings include a data read/write pro- 
cessing, an encryption/decryption processing 
for preventing leakage and falsification of com- 

25 munication data, and a password 

setting/password collation processing. 

4. The data processing system as claimed in 
claim 1 , wherein the pocket-size electronic de- 

30 vice (12) comprises a hermetically-sealed IC 

card. 

5. The data processing system as claimed in 
claim 1 wherein the first memory (36) com- 
as prises a mask ROM. 

6. The data processing system as claimed in 
claim 1, wherein the second memory (38) 
comprises a PROM, and the control means 

40 (34) comprises a CPU. 

7. The data processing system as claimed in 
claim 1, wherein said second memory (38) of 
the pocket-size electronic device (12) is di- 

45 vided into a plurality of zones asigned sepa- 

rately with different access conditions. 

8. In a system which carries out data processing 
by means of a pocket size electronic device, 

50 according to one of the previous claims, a data 

processing method, including the steps of: 

(a) supplying a macro instruction from a 
terminal (16) including a memory (16b) and 
a CPU (16a) to an IC card reader/writer (14) 

55 in accordance with a user command; 

(b) supplying one of a plurality of com- 
mands from the IC card reader/writer (14) to 
the pocket-size electronic device (12) in ac- 
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cordance with the macro instruction from 
the terminal (16), each command having at 
least a function code for selecting a pro- 
gram stored in the pocket-size hermetically 
sealed electronic device, a plurality of kinds 
of basic data processings being accom- 
plished in accordance with the selected pro- 
grams; 

(c) selecting the program in accordance 
with the function code of the command; 

(d) executing a basic data processing in 
accordance with the selected program; 

(e) outputting a result of the executed basic 
data processing as an output signal from 
the pocket-size electronic device (12) when 
the basic data processing of the selected 
program is completed; 

characterised by the steps of: 

(f) supplying another command from the IC 
card reader/writer (14) to the pocket-size 
electronic device (12) without further macro 
instruction from the terminal (16) in accor- 
dance with the output signal from the 
pocket-size hermetically sealed electronic 
device; and, 

(g) repeating the operation of the steps (c), 
(d), (e) and (f) at least one time. 

9. The data processing method as claimed in 
claim 8, wherein the plurality of kinds of basic 
data processings include a data reader/write 
processing, a encryption/decryption processing 
for preventing leakage and falsification of com- 
munication data, and a password 
setting/password collation processing. 

10. The data processing method as claimed in 
claim 8, wherein the pocket-size electronic de- 
vice (12) comprises a hermetically sealed IC 
card. 

Revendlcations 

1. Systeme effectuant un traitement de donne*es, 
comportant: 

un dispositif 6lectronique de poche (12), 
comprenant: 

(a) une premiere mSmoire (36) pour stocker 
des programmes devant ex£cuter une plura- 
lity de types de traitements de donn^es de 
base, 

(b) une seconde mSmoire (38) pour stocker 
divers types de donn^es utilises pour le 
traitement de donnSes de base, 

(c) une section de connexion (42) pour four- 
nir des ordres, comportant au moins des 
codes de fonctions pour sSlectionner les 
programmes correspondant a la plurality de 



types de traitements de donnSes de base 
stocked dans la premiere me'moire, 

(d) un moyen de commande (34) pour s§- 
lectionner le programme en fonction de I'or- 

5 dre provenant de la section de connexion 

afin d'ex^cuter le traitement de donnSes de 
base en fonction du programme se*lection- 
ne\ et pour fournir en sortie un re^sultat du 
traitement de donn£es de base execute* en 

w tant que signal de sortie par I'interme'diaire 

de ladite section de connexion lorsque le 
traitement de donn^es de base est achev6; 

(e) un terminal (16) comportant une m6moi- 
re (16b) et une unite* centrale (16a) pour 

75 recevoir un ordre de Tutilisateur et fournir 

une macro-instruction dependant de I'ordre 
de Putilisateur; et 

(f) un lecteur/enregistreur de carte a puce 
(14) pour recevoir fa macro-instruction du 

20 terminal (16) et fournir un ordre avec un 

code de fonction a la section de connexion 

caract6rise~ par le fait que ledit 
lecteur/enregistreur de carte a puce (14) est 
congu pour fournir un autre ordre avec un 

25 code de fonction a la section de connexion 

sans autre macro-instruction provenant du 
terminal (16), selon signal de sortie prove- 
nant de la section de connexion. 

30 2. Systeme de traitement de donnSes selon la 
revendication 1, dans lequel un autre ordre 
provenant du lecteur/enregistreur de carte a 
puce (14) et fourni a la section de connexion 
(42) est predetermine* par le signal de sortie 

35 provenant de la section de connexion (42). 

3. Systeme de traitement de donn^es selon la 
revendication 1, dans lequel la plurality de 
types de traitements de donn£es de base 

40 comporte un traitement de lecture/6criture de 

donn£es, un traitement 

d'encryptage/de'cryptage pour empecher les 
fuites et les falsifications de donn^es comma- 
niqu£es, et un traitement 

45 d"enregistrement/contr6le de mot de passe. 

4. Systeme de traitement de donn£es selon la 
revendication 1 , dans lequel le dispositif elec- 
tronique de poche (12) comprend une carte a 

so puce scelle*e hermStiquement. 

5. Systeme de traitement de donne"es selon la 
revendication 1, dans lequel la premiere rr\6- 
moire (36) comprend une mSmoire morte a 

55 masque. 

6. Systeme de traitement de donnSes selon la 
revendication 1, dans lequel la seconde m6- 
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moire (38) comprend une mEmoire morte pro- 
grammable, et dans lequel le moyen de com- 
mande (34) comprend une unite* centrale. 

7. Systeme de traitement de donnEes selon la 5 
revendication 1, dans lequel ladite seconde 
mEmoire (38) du dispositif Electronique de po- 

che (12) est divisEe en une plurality de zones 
auxquelles sont sEparEment affectEes des 
conditions d'acces diffErentes. io 

8. Dans un systeme mettant en oeuvre un traite- 
ment de donnEes au moyen d'un dispositif 
Electronique de poche, selon Tune quelconque 

des revendications prEcEdentes, procEdE de 75 
traitement de donnEes, comportant les Stapes 
consistant a: 

(a) fournir une macro-instruction a partir 
d'un terminal (16) comportant une mEmoire 
(16b) et une unite* centrale (16a), a un 20 
lecteur/enregistreur de carte a puce (14) 
selon un ordre d'utilisateur; 

(b) fournir Tun d'une pluralite* d'ordres pro- 
venant du lecteur/enregistreur de carte a 
puce (14) au dispositif Electronique de po- 25 
che (12) en fonction de la macro-instruction 
provenant du terminal (16), chaque ordre 
ayant au moins un code de fonction permet- 

tant de sE lection ner un programme stocke* 
dans le dispositif Electronique de poche 30 
sceilE hermEtiquement, une pluralite* de ty- 
pes de traitements de donnEes de base 
Etant effectuEe selon les programmes se- 
lection's; 

(c) sElectionner le programme selon le code 35 
de fonction de I'ordre; 

(d) exEcuter un traitement de donnEes de 
base selon la programme sElectionnE; 

(e) fournir en sortie un resultat du traitement 

de donnEes de base execute* sous la forme 40 
d'un signal de sortie du dispositif Electroni- 
que de poche (12) lorsque le traitement de 
donnEes de base du programme sElection- 
nE est achevE; 

caractErisE par les Etapes consistant a: 45 

(f) fournir un autre ordre provenant du 
lecteur/enregistreur de carte a puce (14) au 
dispositif Electronique de poche (12) sans 
autre macro-instruction provenant du termi- 
nal (16), selon le signal de sortie du disposi- 50 
tif Electronique de poche scellE hermEtique- 
ment; et 

(g) rEpEter les opErations (c), (d), (e) et (f) 
au moins une fois. 

55 

9. ProcEdE de traitement de donnEes selon la 
revendication 8, dans lequel la plurality de 
types de traitements de donnEes de base 



comporte le traitement de lecture/Ecriture de 
donnEes, un traitement 

d'encryptage/dEcryptage pour emp§cher les 
fuites et les falsifications des donnEes commu- 
niques, et un traitement 
d'enregistrement/controle de mot de passe. 

10. ProcEdE de traitement de donnEes selon la 
revendication 8, dans lequel le dispositif Elec- 
tronique de poche (12) comprend une carte a 
puce scellEe hermEtiquement. 

PatentansprUche 

1. System, welches Datenverarbeitung durchfuhrt, 
umfassend: 

eine elektronische Einrichtung (12) im Ta- 
schenformat, mit 

a) einem ersten Speicher (36) zum Spei- 
chern von Programmen, urn eine Vielzahl 
von grundlegenden Datenverarbeitungsarten 
auszufiihren, 

b) einem zweiten Speicher (38), urn ver- 
schiedene Arten von Daten zu speichem, 
die fur die grundlegende Datenverarbeitung 
verwendet werden, 

c) einem Verbindungsabschnitt (42), urn Be- 
fehle, die wenigstens Funktionscodes zum 
Wahlen der Programme fur die Vielzahl von 
grundlegenden Datenverarbeitungsarten, die 
in dem ersten Speicher gespeichert sind, 
einschlieJ3en, zu liefern, 

d) einer Steuereinrichtung (34) zum Wahlen 
des Programms in Obereinstimmung mit 
dem Befehl von dem Verbindungsabschnitt, 
urn die grundlegende Datenverarbeitung in 
Obereinstimmung mit dem gewahlten Pro- 
gramm auszufiihren, und zum Ausgeben ei- 
nes Ergebnisses der ausgefuhrten, grundle- 
genden Datenverarbeitung als ein Aus- 
gangssignal durch den Verbindungsab- 
schnitt, wenn die grundlegende Datenverar- 
beitung abgeschlossen ist; 

e) einem AnschluB (16), welcher einen Spei- 
cher (16b) und eine CPU (16a) zum Emp- 
fangen eines Benutzerbefehls und zum Lie- 
fern einer Makroanwei sung in Obereinstim- 
mung mit dem Benutzerbefehl einschlieBt; 
und 

f) einem IC-Kartenleser/Schreiber (14), zum 
Empfangen der Makroanweisung von dem 
AnschluB (16) und zum Liefern eines Be- 
fehls mit einem Funktionscode an den Ver- 
bindungsabschnitt, 

dadurch gekennzelchnet, 

6aB der IC-Kartenleser/Schreiber (14) konstru- 
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iert ist, einen anderen Befehl mit einem Funk- 
tionscode zu dem Verbindungsabschnitt ohne 
eine andere Makroanweisung von dem An- 
schlufl (16) in Obereinstimmung mit dem Aus- 
gangssginal von dem Verbindungsabschnitt zu 
liefern. 

2. Datenverarbeitungssystem nach Anspruch 1, 
dadurch gekennzeichnet, daJ3 ein anderer Be- 
fehl von dem IC-Kartenleser/Schreiber (14) an 
den Verbingungsabschnitt (42) durch das Aus- 
gangssignal von dem Verbindungsabschnitt 
(42) vorbestimmt wird. 

3. Datenverarbeitungssystem nach Anspruch 1, 
dadurch gekennzeichnet, daJ3 die Vielzahl von 
grundlegenden Datenverarbeitungsarten eine 
Dateniese/Schreibverarbeitung, eine 
Verschlusselungs- 

/Entschliisselungsverarbeitung zum Verhindern 
von Verbreitung und Falschung von Kommuni- 
kationsdaten, sowie eine Paflworteinstell- 
/PaBwort-Kolationierungsverarbeitung einschiie- 
J3en. 

4. Datenverarbeitungssystem nach Anspruch 1, 
dadurch gekennzeichnet, da/3 die elektronische 
Einrichtung (12) im Taschenformat eine herme- 
tisch abgedichtete IC-Karte umfa/it. 

5. Datenverarbeitungssystem nach Anspruch 1, 
dadurch gekennzeichnet, dafl der erste Spei- 
cher (36) einen Masken-Raum umfaflt. 

6. Datenverarbeitungssystem nach Anspruch 1, 
dadurch gekennzeichnet, dai3 der zweite Spei- 
cher (38) einen ROM umfaBt, und die Steue- 
rungseinrichtung (34) eine CPU umfa/Jt. 

7. Datenverarbeitungssystem nach Anspruch 1, 
dadurch gekennzeichnet, dafi der zweite Spei- 
cher (38) der elektronischen Einrichtung (12) 
im Taschenformat in eine Vielzahl von Zonen 
unterteilt ist, die getrennt verschiedenen Zu- 
gangsbedingungen zugeordnet sind. 

8. Datenverarbeitungsverfahren in einem System, 
welches Datenverarbeitung mittels einer elek- 
tronischen Vorrichtung im Taschenformat ge- 
m'aB einem der vorangehenden Anspriiche 
durchfuhrt, mit den Schritten: 

a) Liefern einer Makroanweisung von einem 
Terminal (16), welches einen Speicher (16b) 
und eine CPU (16a) einschlieflt, an einen 
IC-Kartenleser/Schreiber (14) in Oberein- 
stimmung mit einem Benutzerbefehl; 

b) Liefern eines von einer Vielzahl von Be- 
fehl en von dem IC-Kartenleser/Schreiber 



(14) an die elektronische Vorrichtung (12) 
im Taschenformat in Obereinstimmung mit 
der Makroanweisung von dem Terminal 
(16), wobei jeder Befehl wenigstens einen 

5 Funktionscode zum Wahlen eines Program- 

mes aufweist, das in der elektronischen, 
hermetisch abgedichteten Vorrichtung im 
Taschenformat gespeichert ist, wobei eine 
Vielzahl von grundlegenden Datenverarbei- 

io tungsarten in Obereinstimmung mit den ge- 

wahlten Programmen durchgefuhrt wird; 

c) Wahlen des Programms in Obereinstim- 
mung mit dem Funktionscode des Befehls; 

d) Durchfuhren einer grundlegenden Daten- 
75 verarbeitung in Obereinstimmung mit dem 

gewahlten Programm; 

e) Ausgeben eines Ergebnisses der ausge- 
fuhrten, grundlegenden Datenverarbeitung 
als ein Ausgangssignal von der elektroni- 

20 schen Vorrichtung (12) im Taschenformat, 

wenn die grundlegende Datenverarbeitung 
des gewahlten Programmes abgeschlossen 
ist; 

gekennzeichnet durch die Schritte: 
25 f) Liefern eines anderen Befehls von dem 

IC-Kartenleser/Schreiber (14) an die elektro- 
nische Vorrichtung (12) im Taschenformat 
ohne eine weitere Makroanweisung von 
dem Terminal (16) in Obereinstimmung mit 
30 dem Ausgangssignal von der elektroni- 

schen, hermetisch abgedichteten Vorrich- 
tung im Taschenformat; und 
g) Wiederholen des Vorganges der Schritte 
c), d), e) und f) wenigstens einmal. 

35 

9. Datenverarbeitungsverfahren nach Anspruch 8, 
dadurch gekennzeichnet, dafl die Vielzahl von 
grundlegenden Datenverarbeitungsarten eine 
Dateniese/Schreibverarbeitung, eine 

40 Verschlusselungs- 

/Entschliisselungsverarbeitung zum Verhindern 
von Verbreitung und Falschung von Kommuni- 
kationsdaten, sowie eine PaBworteinstell- 
/Paflwortkolationierungsverarbeitung eisnchlie- 

45 I3en. 

10. Datenverarbeitungsverfahren nach Anspruch 8, 
dadurch gekennzeichnet, da£ die elektronische 
Vorrichtung (12) im Taschenformat eine her- 

50 metisch abgedichtete IC-Karte einschlieflt. 
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Abstract 



Method and apparatus for preventing inadmissible deviations from the runtime protocol of an application in a 
data exchange system. The data exchange system has, for example, a terminal T and a chip card K. For 
various applications (for example, automatic teller unit, computer access), basic functions B stored in the 
chip card K are processed in a sequence respectively defined in a protocol. Since the basic functions B are 
called in proceeding from the terminal T, the data integrity could be deteriorated by intentional modifications 
of the protocol sequence at the terminal T. By storing the allowable protocols in a control list STL and 
establishing a status memory area ZS on the chip card K, it becomes possible to monitor the protocol 
execution on the chip card K independently of the terminal T. The respective status Z of an application is 
fixed in the status memory area ZS. All basic function designations Bn permitted for a status Z are deposited 
in the control list STL. 
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